Why Oracle Picked Small Startup NetFoundry as a Cloud Security Secret Weapon

Oracle has been making strides in the public cloud space, as demonstrated by recent financial growth and a vaulting stock price. This week it made an intriguing move to beef up both the networking and cybersecurity functionality of the Oracle Cloud with the selection zero trust network access (ZTNA) technology from tiny startup NetFoundry.

You may have read the news: High-profile cyberattacks such as Colonial Pipeline and the New York City transit system are in the news again. Many of these new attacks are based on access to enterprise networks and cloud systems. This begs the question: What more can be done to protect networks and cloud applications? ZTNA is a growing area of interest in cybersecurity — it helps lock down applications by taking additional steps to make sure that only the right users have access to the right applications.

Cloud Security as Code

In the news release, Oracle this week said it will offer NetFoundry’s zero-trust software development kits (SDKs) to application providers, giving them the opportunity to build software-based ZTNA into their Oracle Cloud applications. In addition, Oracle points out that NetFoundry’s security tools can be used to build higher levels of security into its Oracle Autonomous Database and Private Kubernetes API network.

Enabling app developers to build secure networking directly into applications is part of a movement known as infrastructure as code. I like to call it security as code. By cutting this deal with NetFoundry, Oracle believes it can add value to its cloud by building in better performance and security features.

So why NetFoundry? The company has a very unique approach that is entirely developed as cloud-native software.

NetFoundry is based in North Carolina and has about 75 employees. It is run by Founder and CEO Galeal Zino, a long-term networking engineer, and funded by global service provider giant Tata Communications. NetFoundry’s approach combines building a private cloud network that an be tapped on demand — giving it aspects of Cloudflare. But it also offers SDKs that enable software developers to build secure cloud networking on demand. NetFoundry also points out that its technology is “agentless,” meaning special hardware and software is not needed on the client access side — it’s all provided from the cloud, as cloud-native software.

Oracle’s move will essentially inject virtual cloud networking and ZTNA features directly into the Oracle Cloud. Customers of Oracle Cloud and Oracle apps can tap into NetFoundry’s additional secure networking.

By adding additional security features to its cloud software as well as its own cloud applications, Oracle believes it will be able to differentiate itself in the infrastructure as a service (IaaS) and platform as a service (PaaS) markets.

As NetFoundry’s Zino decribes it, you are “baking in” security to the Oracle Cloud applications rather than “bolting it on” later.

“Doing zero trust networking from the cloud side is massive because so many apps are in the cloud,” Zino told me in an interview this week. “Any app in the cloud is a candidate for ZTNA.”

This will be an important differentiator for Oracle as it aims to catch up to public cloud leaders Amazon and Microsoft. Lately, Oracle’s stock price and financial metrics have been climbing as it demonstrates progress in this battle. In its March earnings release, it reported that cloud services and license support revenues were up 5% to $7.3 billion. Cloud license and on-premise license revenues were up 4% to $1.3 billion. But it also reported that Oracle Gen2 Cloud Infrastructure, including Autonomous Database revenue, was up over 100%.

NetFoundry already has a deal in place with Microsoft, whereby it became one of the software vendors inside of Microsoft’s Azure Edge Stack. But Zino thinks this could be even more powerful for Oracle because it is more broad-based.

“They have two ingredients for success,” said Zino. “They have the Oracle apps. When Microsoft became number two in cloud, it was because they had the Microsoft apps. So I think, Oracle is now parlaying that. Oracle can also bundle the apps with security and better pricing.”

With this move, Oracle is killing two cybersecurity birds with one stone: It is offering better security for its own cloud apps that can be enabled with zero trust, while also adding an additional layer of networking performance and security features that Oracle Cloud customers can build directly into their own applications.

“The cloud represents a huge opportunity for our partner community,” said David Hicks, vice-president, Worldwide ISV Cloud Business Development, Oracle, in a corporate statement. “NetFoundry’s commitment to innovation with the Oracle Cloud and quality execution will help our mutual customers receive cloud-enabled networking solutions, ready to meet their critical business needs.”

Oracle stated in its release that “NetFoundry makes zero trust networking programmatic and highly agile with cloud native orchestration and infrastructure managed as-a-service, with pay-as-you-pricing, to instantly spin up and manage zero trust, performant, edge-to-cloud, hybrid cloud and cloud-to-cloud networks.”

This is a really interesting deal that hints at where cloud networking and security are both going in the future: Using techniques such as APIs and SDKs, developers will have more tools available to build transparent security and networking features directly into cloud apps.